Survey Points to Concerns Over 'Hacktivist' Attacks

An industry-produced survey suggested that Web site attacks motivated by political considerations may be on the rise.

Most distributed denial-of-service (DDoS) attacks were attributed to political or ideological reasons, according to respondents in a report recently published by Arbor Networks. Thirty-five percent of survey respondents to Arbor Networks' annual Worldwide Security Infrastructure Report, released Feb. 7, said ideology or politics is the most common motivating factor for attacks, followed by vandalism at 31 percent.

At the same time, confidence in law enforcement to deal with the issue is at an all-time low. Only 21 percent of respondents were confident that law enforcement entities could help. Most -- nearly 74 percent of respondents -- do not refer security breaches to authorities. While respondents cited a range of reasons for not alerting law enforcement, one was that many attacks originate from foreign locations.

Similarly, 73 percent of respondents are concerned that governments are not doing enough to protect critical network infrastructure. On the positive side, 88 percent of respondents welcome greater government involvement with operational security incident response and 66 percent are actively engaged with their respective national or regional Computer Emergency Readiness Team (CERTs) and/or Computer Security Incident Response Teams (CSIRTs). Some respondents weren't involved simply because no national or regional organization of this type exists in their area.

The survey also found the scope and number of attacks on the rise. There was a significant increase in flood-based DDoS in the 10 Gbps range, indicating that large flood-based attacks have gone "mainstream" and DDoS will be a routine attack method, noted the report.

New DDoS tools "have empowered anyone with an Internet connection to launch DDoS attacks. This has profound implications for any business operating online. The risk of attack is now exponentially greater than in the recent past, commanding the need for a layered defense strategy in the enterprise," according to a company press release on the survey.

Respondents are seeing IPv6 DDoS attacks for the first time on their networks, which the report described as "a significant milestone in the arms race between attackers and defenders."

"Even many of the less sophisticated tools have Remote Access Trojan functionality to perform password theft, download and execute other malware, sniff keystrokes and other malicious activities," said Curt Wilson, a member of Arbor's Security and Engineering Response Team.

"In addition to the threats to confidentiality, actual incidents have shown that simple flooding tools such as a host booter can take down enterprise-class firewalls from either side of the firewall due to state table exhaustion."

The company surveyed 114 individuals from around the world. All were directly involved in their organization's network security operations.